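/* Driver layer (kernel-mode) */
#include "ntddk.h"

/* Section-placement helpers used with #pragma below: code_seg("PAGE") puts a
 * routine in the pageable section, code_seg("INIT") in the section that is
 * conventionally discarded once DriverEntry returns, and the empty form in the
 * default (non-paged) section. */
#define PAGEDCODE code_seg("PAGE")
#define LOCKEDCODE code_seg()
#define INITCODE code_seg("INIT")
#define PAGEDDATA data_seg("PAGE")
#define LOCKEDDATA data_seg()
#define INITDATA data_seg("INIT")

/*
 * Local prototype for ZwAllocateVirtualMemory (exported by ntoskrnl, but not
 * declared by every WDK's ntddk.h). The original declaration omitted NTAPI:
 * on 32-bit x86 the compiler then assumes __cdecl for the call while the
 * export is __stdcall, which leaves the stack unbalanced after every call.
 * NTSYSAPI / NTAPI match the declaration form the WDK headers use.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN ULONG ZeroBits,
    IN OUT PSIZE_T RegionSize,
    IN ULONG AllocationType,
    IN ULONG Protect
    );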
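#pragma PAGEDCODE
NTSTATUS ReadWriteProcess()
{
    /*
     * Demo: open the process with the hard-coded PID 964 and commit a 0xff-byte
     * region in *that* process's address space, then log the address/size and
     * close the handle.
     *
     * Returns: STATUS_SUCCESS, or the NTSTATUS of the first failing Zw call.
     * Pageable, so it must run at PASSIVE_LEVEL (DriverEntry calls it there).
     *
     * Fixes vs. the original: the process handle was leaked when the allocation
     * failed; the log used %X for a pointer and %d for a SIZE_T; the handle was
     * opened with PROCESS_ALL_ACCESS although only PROCESS_VM_OPERATION is used.
     */
    NTSTATUS Status;
    HANDLE hProcess = NULL;
    OBJECT_ATTRIBUTES objAttr;
    CLIENT_ID ClientId;
    PVOID AllocateAddress = NULL;   /* NULL: let the system pick the base */
    SIZE_T RegionSize = 0xff;       /* rounded up to a page by the allocator */

    PAGED_CODE();

    /* InitializeObjectAttributes sets every field, so no memset is needed.
     * OBJ_KERNEL_HANDLE keeps the handle out of the user-mode handle table. */
    InitializeObjectAttributes(&objAttr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    ClientId.UniqueProcess = (HANDLE)964;   /* TODO: take the PID as input instead of hard-coding */
    ClientId.UniqueThread = 0;

    /* Least privilege: ZwAllocateVirtualMemory needs PROCESS_VM_OPERATION only. */
    Status = ZwOpenProcess(&hProcess, PROCESS_VM_OPERATION, &objAttr, &ClientId);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("error code: %X", Status));
        return Status;
    }
    KdPrint(("open process success!"));

    /* NOTE(review): nothing on this page executes from the region (the app
     * layer only memcpy's a string into it), so PAGE_READWRITE would suffice;
     * RWX regions committed into another process are a common EDR trigger. */
    Status = ZwAllocateVirtualMemory(hProcess, &AllocateAddress, 0,
                                     &RegionSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (NT_SUCCESS(Status))
    {
        /* %p / %Iu: the old %X / %d truncate on 64-bit builds. */
        KdPrint(("address:%p, size:%Iu\n", AllocateAddress, RegionSize));
    }
    else
    {
        KdPrint(("error code: %X", Status));
    }

    /* Close on both paths -- the original returned early and leaked hProcess
     * when the allocation failed. */
    ZwClose(hProcess);
    return Status;
}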
#pragma PAGEDCODE
VOID MyDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    /*
     * Unload callback registered in DriverEntry. It only logs: nothing on this
     * page creates device objects, symbolic links or other driver-owned
     * resources that would have to be released here.
     */
    UNREFERENCED_PARAMETER(pDriverObject);

    KdPrint(("DriverEntry unLoading...\n"));
}
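#pragma INITCODE
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath)
{
    /*
     * Driver entry point: registers the unload routine, then runs the
     * ReadWriteProcess demo once.
     *
     * Returns STATUS_SUCCESS even if the demo fails, so the driver stays
     * loaded and can be unloaded normally; the failure is logged instead of
     * being silently dropped as the original did.
     */
    NTSTATUS demoStatus;

    UNREFERENCED_PARAMETER(RegistryPath);

    /* Register the unload routine first so it is in place whatever the demo does. */
    pDriverObject->DriverUnload = MyDriverUnload;

    demoStatus = ReadWriteProcess();
    if (!NT_SUCCESS(demoStatus))
    {
        KdPrint(("ReadWriteProcess failed: %X\n", demoStatus));
    }

    return STATUS_SUCCESS;
}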
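// Application layer (MFC dialog)
void CReadwriteprocess_testDlg::OnButton1()
{
    // "Read" button: interpret the decimal number typed into IDC_EDIT1 as an
    // address in *this* process and show the NUL-terminated string stored
    // there in IDC_EDIT2. The original dereferenced the user-supplied pointer
    // unchecked; here the page must be committed and readable, and the string
    // scan is bounded by the end of that region.
    BOOL parsed = FALSE;
    const UINT uBaseAddr = GetDlgItemInt(IDC_EDIT1, &parsed);  // decimal, 32-bit only
    if (!parsed)
    {
        SetDlgItemText(IDC_EDIT2, _T("invalid address"));
        return;
    }

    const BYTE* target = reinterpret_cast<const BYTE*>(static_cast<ULONG_PTR>(uBaseAddr));
    MEMORY_BASIC_INFORMATION mbi = {};
    if (VirtualQuery(target, &mbi, sizeof(mbi)) == 0
        || mbi.State != MEM_COMMIT
        || (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) != 0)
    {
        SetDlgItemText(IDC_EDIT2, _T("address not readable"));
        return;
    }

    // Point-in-time check only: a concurrent free of the region would still
    // invalidate the pointer between the query and the read.
    const BYTE* regionEnd = static_cast<const BYTE*>(mbi.BaseAddress) + mbi.RegionSize;
    const size_t maxChars = static_cast<size_t>(regionEnd - target) / sizeof(TCHAR);
    const LPCTSTR text = reinterpret_cast<LPCTSTR>(target);
    const size_t len = _tcsnlen(text, maxChars);
    SetDlgItemText(IDC_EDIT2, CString(text, static_cast<int>(len)));
}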
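void CReadwriteprocess_testDlg::OnButton2()
{
    // "Write" button: copy the 10-byte sample ("abcedfff" plus NUL padding) to
    // the address typed into IDC_EDIT1, interpreted as an address in *this*
    // process. GetDlgItemInt parses decimal while the driver logs the region it
    // committed in hex, so the value has to be converted by the user.
    // The original wrote through the user-supplied pointer unchecked; here the
    // target page must be committed, writable and large enough for the copy.
    char str[10] = "abcedfff";
    BOOL parsed = FALSE;
    const UINT uBaseAddr = GetDlgItemInt(IDC_EDIT1, &parsed);  // decimal, 32-bit only
    if (!parsed)
    {
        AfxMessageBox(_T("invalid address"));
        return;
    }

    BYTE* target = reinterpret_cast<BYTE*>(static_cast<ULONG_PTR>(uBaseAddr));
    MEMORY_BASIC_INFORMATION mbi = {};
    const DWORD writable = PAGE_READWRITE | PAGE_WRITECOPY
                         | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    if (VirtualQuery(target, &mbi, sizeof(mbi)) == 0
        || mbi.State != MEM_COMMIT
        || (mbi.Protect & PAGE_GUARD) != 0
        || (mbi.Protect & writable) == 0)
    {
        AfxMessageBox(_T("address not writable"));
        return;
    }

    // Point-in-time check only; the region could still change before memcpy.
    const BYTE* regionEnd = static_cast<const BYTE*>(mbi.BaseAddress) + mbi.RegionSize;
    if (static_cast<size_t>(regionEnd - target) < sizeof(str))
    {
        AfxMessageBox(_T("write would cross the end of the region"));
        return;
    }

    memcpy(target, str, sizeof(str));   // sizeof(str) == 10, as before
}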